Third Party Risk Management: In a Perfect World

In a perfect world, CISOs would be equipped with security resources and tools to combat against any threat. It’s no secret that we don’t live in a perfect world. Specifically, CISOs don’t have direct control over the security provided by third parties. This puts the responsibility of assessing the risk to corporate information accessible from each third party’s network squarely on the CISO. This complimentary NormShield-sponsored Security Current White Paper discusses the reality in which a CISO does not have direct control over every potential risk and ways to mitigate against that reality.

Details

Attack Campaigns: Connecting the Dots to Disrupt the Adversary – sponsored

Adversaries have patience and expect to persevere over any and all obstacles that stand in front of them. Their toolkit is not limited and if at first they don’t succeed they’ll try again until they complete their mission. The enterprise’s challenge: find and disrupt them before they fulfill their mission and prepare for the next one, never relinquishing their hold.

Cybersecurity threats to the enterprise continue to move at a pace whereby many organizations are not able to keep up with the known, let alone advanced adversarial tactics. For years the industry has concluded that advanced attacks involve some sort of malware in order to be successful. While malware can be used to exploit a target, there’s an evolution occurring that extends beyond the need for malware or zero-day exploits: attack campaigns. An attack campaign is not just an opportunistic attack aiming to compromise an endpoint, but rather a deliberately focused effort with a specific motive and mission with the intention to persevere until the campaign’s successful conclusion.

Details

User Authentication Gets Flexible – sponsored

It’s no secret, password secrets haven’t held up for quite some time against attacks targeting consumers and enterprise organizations.

Breach after breach, credential compromise seems to be the path of least resistance. Why bother attempting to exploit a remote server against an unknown or even known vulnerability, when phishing a human will do just fine?

Open, click, and enter credentials – it doesn’t get any easier for an attacker. To make matters worse, the universal password is just that, it is universally re-used oftentimes across multiple sites.

Harvest one set of credentials and chances are good it is re-used elsewhere. Time and time again this has been increasingly clear through interacting with everyday people who are the end users within our corporations.

With dozens and dozens of different sites requiring a login, can you blame them for using weak or the same password across personal and corporate accounts? How many sites do you have to remember passwords for as a security professional?

This White Paper reviews how security and convenience have historically been at polar opposites. It examines Authentify xFA™ which bridges the gap between convenience and strong authentication.

Details

The Hunter Becomes the Hunted – sponsored

As the world becomes more connected, it is no longer enough for enterprises to react once an alert indicates an attacker is on the network. What if security teams seek out the attacker as opposed to waiting for them to slip up and trip an alert?

With motivated attackers penetrating successfully, security leaders are creating internal teams of hunters to locate the attacker and to eradicate them as quickly as possible. This is a change in mindset from the way teams have long been accustomed to identifying incidents.

The simple fact of the matter is that attackers are penetrating networks and advanced security teams have begun to recognize the need to
 move from sitting and waiting to go on the hunt for the attacker.

This white paper explains how the hunter becomes the hunted and how Arbor Networks’ Pravail® Security Analytics empowers security teams to have a fighting chance defending the enterprise. To be successful at hunting for an attacker, security teams need visibility, speed, accuracy, and analysis across historical and real-time data.

Details